#!/bin/bash

# ----------------------------------------------------------------------
# Filename:   75673-auditctl-l.sh
# Version:    1.0
# Date:       2013/12/12
# Author:     yuanhui.shi
# Email:      yuanhui.shi@cs2c.com.cn
# Summary:    03系统安全功能-02审计功能-01auditctl-03查看audit规则并验证规则生效
# Notes:      auditctl -l
# Copyright:  China Standard Software Co., Ltd.
# History：     
#             Version 1.0, 2013/12/12
#             -   The first one
# ----------------------------------------------------------------------

# Pin the command search path to the system directories plus the invoking
# user's ~/bin (the tilde is expanded when the value is assigned), and export
# it so every child process resolves commands the same way.
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin

source ../../../lib/Echo.sh
source ./lib/cmd.sh
source ../../../lib/XmlParse.sh


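#######################################
# EXIT handler: undo the changes this test makes to the host.
# Globals:   VAR (read) - 0 means auditd was not running before the test;
#            any other value, or unset, means it was.
# Arguments: none
# Outputs:   completion message through EchoInfo
#######################################
function CleanData ()
{
  # Remove the fixed-name scratch files under /tmp, if present.
  rm -rf -- /tmp/tmp1 /tmp/tmp2 /tmp/tmp3

  # NOTE(review): this replaces the host's audit log with a single empty
  # line, discarding every record collected so far, not only the ones this
  # test produced. Confirm that is acceptable on the machine under test, or
  # copy the log aside before the run.
  echo "" >/var/log/audit/audit.log

  # Delete the watch rule the test adds with "auditctl -w".
  # NOTE(review): the removal is unconditional, so an identical rule that
  # was already loaded before the test started is removed as well.
  auditctl -W /etc/passwd -k password-file -p rwxa

  # Return auditd to the state recorded in VAR. The expansion is quoted and
  # defaulted so that an exit before VAR is assigned takes the restart
  # branch cleanly instead of failing with "unary operator expected".
  if [ "${VAR:-1}" = 0 ]; then
    stop_daemon auditd
  else
    restart_daemon auditd
  fi

  EchoInfo "75673-auditctl-l.sh执行完毕"
}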

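# Work in a private directory from mktemp instead of fixed names such as
# /tmp/tmp1: the script drives auditctl and auditd (so it presumably runs as
# root), and a predictable path in a world-writable directory can be
# pre-created or symlinked by another local account.
scratch_dir=$(mktemp -d) || { echo "mktemp -d failed" >&2; exit 1; }
rules_before=$scratch_dir/rules.before
rules_after=$scratch_dir/rules.after

# On every exit path: remove the scratch directory, then let CleanData undo
# the rule and daemon changes.
trap 'rm -rf -- "${scratch_dir:?}"; CleanData' EXIT

# Record whether auditd was running before the test: VAR=1 if so, VAR=0 if
# not. CleanData reads VAR to decide between stopping and restarting it.
# An explicit if/else is used because "a && b || c" also runs c when b
# fails, and "systemctl status" exits non-zero for an inactive unit.
if command -v systemctl >/dev/null 2>&1; then
  # Ask systemd for the unit state directly. Matching the text "pid" in
  # "systemctl status" output is unreliable: the line is spelled "Main PID:",
  # so a running auditd could be recorded as stopped and then be stopped
  # for good by the cleanup.
  if systemctl is-active --quiet auditd; then
    VAR=1
  else
    VAR=0
  fi
else
  # Without systemd, keep the original heuristic: a status line that
  # mentions "pid" is taken to mean the daemon is running.
  if service auditd status | grep -q pid; then
    VAR=1
  else
    VAR=0
  fi
fi

if [ "$VAR" = 0 ]; then
  start_daemon auditd
else
  restart_daemon auditd
fi

# Snapshot the rule list, add the watch rule, and snapshot again.
auditctl -l >"$rules_before"
auditctl -w /etc/passwd -k password-file -p rwxa
auditctl -l >"$rules_after"

# NOTE(review): "LIST_RULES" and the "watch=... perm=... key=..." text are
# the output format this test was written against; newer audit userspace is
# reported to print rules in command-line form ("-w ... -p ... -k ...").
# Confirm the format on the target release before trusting a failure.
expected_rule='watch=/etc/passwd perm=rwxa key=password-file'
NUM1=$(grep -c "LIST_RULES" "$rules_before")
NUM2=$(grep -c "LIST_RULES" "$rules_after")

# Pass only if the rule was absent before, is present after, and the number
# of listed rules grew by exactly one.
if ! grep -q -- "$expected_rule" "$rules_before" \
  && grep -q -- "$expected_rule" "$rules_after"; then
  if [ "$((NUM1 + 1))" -eq "$NUM2" ]; then
    EchoResult "规则添加成功"
  else
    echo "规则添加失败"
    exit 1
  fi
else
  echo "规则添加失败"
  exit 1
fi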


